Apache [forbidden 403] Error Solution

Source: Internet
Author: User
Tags 403 forbidden error

Today, I am going to try to configure the user directory on the Apache server ). The configuration process, problems, and solutions are summarized as follows:
1. General Configuration:
Add User Web:
Adduser Web
Passwd Web
Create the public_html directory in the Web user directory and set the permission to 755:
Mkdir public_html
Chmod 755 public_html-R
Modify/etc/HTTP/httpd. conf:
# Userdir: the name of the directory that is appended onto a user's home
# Directory if ~ User request is already ed.
# The Path to the end user account 'public _ HTML 'directory must be
# Accessible to the webserver userid. This usually means that ~ Userid
# Must have permissions of 711 ,~ USERID/public_html must have permissions
# Of 755, and documents contained therein must be world-readable.
# The client will only receive a "403 Forbidden" message.
# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
# Userdir is disabled by default since it can confirm the presence
# Of a username on the system (depending on Home Directory
# Permissions ).
# Userdir disable
# To enable requests /~ User/to serve the user's public_html
# Directory, remove the "userdir disable" line above, and uncomment
# The following line instead:
Userdir public_html
2. Test and problem occurrence:
Http: // /~ Web
You don't have permission to access /~ Web on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an errordocument to handle the request.
Apache/2.0.54 (Fedora) server at port 80
In general, this problem occurs, and the access permission of directories can be directly thought of. After a long query, the problem has not been solved after a long call. In the meantime, I thought about SELinux. I went in and looked at it and didn't find anything to change. (It turns out that sometimes intuition is very accurate, and the difference between finding the answer is often: whether intuition goes deeper ).
3. Problem Solving
After searching for Apache 403 with Google for a while, I finally found out in a blog that the author encountered the same problem as me: Apache and directory configuration are normal, but the page cannot be displayed. The solution is to modify the access control of public_html by SELinux.
Run the following command to modify the folder security attributes:
Chcon-r-t httpd_user_content_t public_html/
4. Summary of associated knowledge:
  FAQ ora core 5 SELinux FAQHttp://fedora.redhat.com/docs/selinux-faq-fc5/#faq-entry-public_html
  Q:How do I make a user public_htmldirectory work under SELinux?
  A:This process presumes that you have enabled user public HTML directories in your Apache configuration file,/etc/httpd/CONF/httpd. conf. this process only covers serving static Web content. for more information about Apache HTTP and SELinux, referto http://fedora.redhat.com/docs/selinux-apache-fc3.
If you do not already have ~ /Public_htmldirectory, create it and populate it with the files and folders to be served.
  Cd ~
  Mkdir public_html
  CP/path/to/content ~ /Public_html
At this point,HttpdIs configured to serve the contents, but you still receive a 403 forbiddenerror. This is becauseHttpdIs not allowed to read the Security type for the Directory and files as they are created in the user's home directory. change the security context of the folder and its contents recursively using the-roption:
  Ls-z-D public_html/
Drwxrwxr-x auser user_u: object_r: user_home_t public_html
  Chcon-r-t httpd_user_content_t public_html/
  Ls-z-D public_html/
Drwxrwxr-x auser user_u: object_r: httpd_user_content_t public_html/
  Ls-Z public_html/
-RW-r -- auser user_u: object_r: httpd_user_content_t bar.html
-RW-r -- auser user_u: object_r: httpd_user_content_t baz.html
-RW-r -- auser user_u: object_r: httpd_user_content_t foo.html
You may notice at a later date that the user field, set here to user_u, is changed to system_u. this does not affect how the targeted policy works. the field that matters is the type field.
Your static webpages shocould now be served correctly. If you continue to have errors, ensure that the Boolean which enables user home directories is enabled. You can set it usingSystem-config-securitylevel. Select the selinuxtab, and then select the modify SELinux policyarea. Select allow httpd to read home directories. The changes take effect immediately.
Command Parsing:
  Ls-z-D public_html/# security context for displaying files/Directories
  -Z, -- Context
  Display security context so it fits on most displays. Displays only mode, user, group, security
  Context and file name.
  -D, -- directory
  List Directory entries instead of contents, and do not dereference Symbolic Links
  Chcon-r-t httpd_user_content_t public_html/# modify the security context of the file/directory
  -R, -- Recursive
  Change files and directories recursively
  -T, -- type
  Set Type type in the target security context
  Understanding SELinux:

This article is transferred from
Http://blog.chinaunix.net/u/16329/showart.php? Id = 115452

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.